With the advent of computer-based technology, security of data, user authorization, and access control are important concerns. Typically, some form of a token is used to grant access to data, applications, services, functions, and the like. For example, a private computer system may require a user to enter his username and password in order to log in and gain access to secure data. In another example, a smart phone may require a user to place her finger on a designated area in order to read her fingerprint and authorize access to the device. In yet another example, a secure video conferencing application may require visual analysis of a user's face to perform facial recognition.
Generally, these types of authorizations take a matter of seconds to perform (e.g., typing in a username and password to login). In some cases, a keyboard, mouse, or other typical computer-based input device is not a standard part of the system, such as typing with a television remote control to access parental-controlled channels. And, there are situations where implementing password authentication is burdensome, such as to lock a medicine cabinet, turn on a TV, or unlock a gate. In addition, there are situations where users may have limited ability to perform such password input, e.g., small children, people with certain disabilities, or for perhaps even someone with their hands full. For these types of scenarios, standard authorization techniques can be inconvenient or inoperable.
Another general problem is that the authorization is typically a binary resolution—access is either granted or denied. For example, if a person is given a door key, the key will always open the door. If a person submits a password to a computer system, the computer system will always allow the user to access secure data or applications. As a result, if access needs to be adjusted according to a specific scenario, timeframe, or set of circumstances, a computer system will likely require additional rules and logic to support such access. Examples include allowing a child to watch TV during a particular period of time (e.g., 5:00-6:00 pm), or allowing employees to bring family members to the office for an annual holiday party, which is normally restricted to employee access only. The granularity and complexity involved in evaluating and granting or denying such authorization creates challenging situations.